Security-performance balance in combating encrypted threats

A key discovery from F5 Labs’ study of a decade's worth of breach
cases is that companies usually know only a small fraction of what
went on in the attacks that led to a breach. This could be caused
by failures in several areas, including visibility, logging,
monitoring and alerting, and communication.

What has been obvious, however, is that applications and
identities were the initial targets in 86% of breaches. Breaches
that start with application attacks are costly, accounting for
47% of the breach costs, albeit only 22% of the total breached
records.

One way of addressing this risk, as the F5 Labs 2018
Application Protection Report highlighted, is to encrypt
confidential application data and protect the decryption
key. Indeed, privacy and security concerns have led
to more than 80% of internet page loads now being encrypted
with Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
for secure links between a web server and a browser.

The downside is that SSL/TLS encrypted channels can also be
used by attackers to hide attacks and malware from security
devices. Further, many inspection devices such as a next-gen
firewall, an IDS/IPS, or a malware sandbox lack visibility into
encrypted SSL/TLS traffic or suffer degraded performance when
decrypting it.

This calls for app infrastructure protection to defend the
systems that applications depend on from attacks on TLS, the
Domain Name System (DNS), and the network.

At the TLS tier of an app, attacks could target keys to decrypt
confidential data and establish authenticity, or use captured or
reverse-engineered session IDs to take control of a legitimate
user’s web application session still in progress.

To provide full visibility into the data moving in and out of the
network, organizations need encryption that, in the interest of
performance, does not consume a large amount of resources,
particularly CPU time on servers. The F5 BIG-IP platform, for example, offers
an array of solutions to drive security without increasing
network latency.

The F5 platform takes advantage of elliptic curve
cryptography (ECC), advanced encryption algorithms that reduce CPU
overhead for encryption while simultaneously maintaining or
improving security, with smaller key sizes. Also, IT teams are
driving toward a solution that maintains a single round of
encryption for the entire connection, from client to server, while
facilitating use of a variety of tools, such as those for data
leak prevention (DLP), pre-access authentication, and load
balancing, for secure and efficient application delivery.

With authentication, authorization, and accounting, the BIG-IP
device prevents unauthorized users, even attackers masquerading
as valid users, from entering or reaching critical systems to
attempt exploits. In DDoS scenarios, a high-performance device
can redirect attacking connections to a quarantine network so
public-facing networks remain available to actual users.

Know your bits

Full visibility into encrypted traffic also requires
high-performance decryption and encryption of inbound and
outbound SSL/TLS traffic to enable inspection and quicker threat
detection. This is where SSL Orchestrator goes beyond mere SSL
awareness and offload to provide robust
decryption/encryption of SSL/TLS traffic driven by policy-based
orchestration capabilities across any network topology, device or
application.

SSL Orchestrator draws on BIG-IP LTM, among other components from
multiple product modules. Based on the F5 full proxy
architecture, security services such as IDS, IPS and NGFW can be
load balanced, monitored, skipped if failed, and re-usably
"chained" together in logical flows. Individual TCP packet flows
can be steered through different service chains based on various
criteria – all within a single set of hardware-accelerated
decrypt and re-encrypt operations.

The F5 SSL Orchestrator and the F5 BIG-IP LTM, along with the F5
Advanced WAF, enable organizations to simplify and accelerate a
highly secure infrastructure that inspects encrypted traffic,
provides end-to-end encryption, and protects the SSL/TLS
protocol.

With support for Hardware Security
Modules too, the F5 BIG-IP platform is highly adaptable
to an organization’s changing needs – stopping attacks while
continuing to provide users the high-performance application
experience that they need and expect.